I too went through LDAP authentication hell - but did eventually get this working. The first thing is to discover the correct value for the userDN property - it most likely is NOT at all obvious.. Use "dsquery user -samid YourUsername" at the domain server command line to get the correct value!! The ONLY file I edited was applicationContext-security.xml Here are the relevant parts: <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager"> <property name="providers"> <list> <ref local="ldapAuthenticationProvider"/> <ref bean="${bean.daoAuthenticationProvider}"/> <!-- <ref local="anonymousAuthenticationProvider"/> anonymousAuthenticationProvider only needed if filterInvocationInterceptor.alwaysReauthenticate is set to true <ref bean="anonymousAuthenticationProvider"/> --> <!-- ref local="jaasAuthenticationProvider"/ --> </list> </property> </bean> <bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> <constructor-arg value="ldap://SERVER.DOMAIN:389/" /> <!-- userDn and password properties are not needed if LDAP server accepts anonymous lookup --> <property name="userDn"> <!-- results of dsquery user -samid usermane go here --> <value>CN=YourUser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=yourdc,DC=local</value> </property> <property name="password"> <value>mypassword</value> </property> </bean> <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider"> <constructor-arg> <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator"> <constructor-arg> <ref local="ldapContextSource"/> </constructor-arg> <property name="userSearch" ref="userSearch"/> </bean> </constructor-arg> </bean> <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> <constructor-arg index="0"> <value>OU=SBSUsers,OU=Users,OU=MyBusiness,DC=yourdc,DC=local</value> </constructor-arg> <constructor-arg index="1"> <value>(sAMAccountName={0})</value> </constructor-arg> <constructor-arg index="2"> <ref local="ldapContextSource" /> </constructor-arg> <property name="searchSubtree"> <value>true</value> </property> </bean>[/code]